•CWM core processes running on a workstation can be stopped from any other workstation that is running a remote CWM session. For example, when you log into a workstation running the CWM core processes and select Stop Core (Option 2), you are terminating the CWM core processes for not only yourself, but for all others using those CWM core processes. Therefore, you must be careful not to select the Stop Core option when you are through. Take care to close only the windows you have opened remotely, and at the CWM main menu, select X to exit the application.

Performing a Warm Start of CWM

A warm start of CWM consists of stopping the application, then restarting it. When you perform a warm start of CWM, the application continues to use data in the existing Informix database.

Note System administrators should only perform a warm start.

Caution Before doing a warm start, you should not change any configuration parameters such as shared memory parameters or the number of instances that are used for processes. You can change only timeout, log, level, and session parameters. Network operations can be performed.

You can execute a warmstart only if the cold start is completed successfully. To verify if the cold start is completed successfully, complete the following procedure:

Step 1 Open a terminal window.

Step 2 Enter the vi command to edit the ~svplus/log/.DBKR_SYNCHUP_MESSAGE file as shown in the following example:

azure% vi ~svplus/log/.DBKR_SYNCHUP_MESSAGE

Step 3 Look for the sync-up complete message.

If the sync-up complete message is not found, you can execute a cold start again. The cold start complete message is normally printed on the console when the cold start sync-up completes.

Note Provisioning should be attempted only after a warm start cache rebuild is complete. You should look for a rebuild message on the console, which indicates that the rebuild is complete.

To perform a warm start of CWM, complete the following procedure:

Step 1 Open a terminal window.

Step 2 Enter CWM at the prompt to display the CWM main menu.

Step 3 From the CWM main menu, enter option 2 (Stop Core) as follows:

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012

Cisco Wan Manager is being run from the workstation, "azure". by svplus

MAIN MENU

---------

1) Start Core

2) Stop Core

3) Start Desktop

X) Exit

Core is running

enter number or x to exit:2

You can verify the status of the core. The above example shows that the core is running.

Step 4 Enter y to confirm that you want to stop core.

Step 5 Press Return to redisplay the CWM main menu.

It should take less than three minutes for all of the processes and messages to end.

Note Message retrieval takes approximately three minutes to complete.

Step 6 From the main menu, enter option 1 (Start Core).

Performing a Cold Start of CWM

This section describes how to perform a cold start of CWM.

Note You can provision only after the cold start complete message appears on the console or look for verification in the .DBKR_SYNCHUP_MESSAGE file. Do not stop CWM till the complete message appears on the console; otherwise, you must start the cold start script again.

The following coldstart scripts are supported:

•coldstart <opt>—Specifies a script to clean up both CWM and Statistics Collection Manager (SCM) data for both CWM and the SCM standalone workstations.

•coldstartSCM <opt>—Specifies a script to clean up only SCM nonnetwork data in the CWM workstation. SCM nonnetwork data includes enable information (nodes and cards), collection information (nodes and cards where stats collection is started), stats data (all the statistics that were uploaded and put into the database), and statistics templates.

You can replace the <opt> parameter with -F to remove all data that includes configuration data, user data, and network data. If no option is selected, network data is removed and nonnetwork data remains intact.

Caution If you perform a
coldstart -F, connection templates, Service Class Templates (SCT) templates, stats data, and connection descriptors are deleted from the database.

To perform a cold start of CWM, complete the following steps:

Step 1 Open a terminal window.

Step 2 Enter CWM at the prompt to display the CWM main menu.

Step 3 From the CWM main menu, enter option 2 (Stop Core) as follows:

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012

Cisco Wan Manager is being run from the workstation, "azure". by svplus

MAIN MENU

---------

1) Start Core

2) Stop Core

3) Start Desktop

X) Exit

Core is running

enter number or x to exit:2

You can verify the status of the core. The above example shows that the core is running.

Step 4 Enter y to confirm that you want to stop core.

It should take several minutes for all of the processes and messages to end, depending upon the number of nodes in the network.

Step 5 Press Return to redisplay the CWM main menu.

Step 6 From the main menu, enter option (x) to exit the CWM application.

Step 7 At the prompt, enter the applicable coldstart script to cold start the system.

The following example shows the cold start script without the option -F parameter that removes all network data while preserving the existing user data:

azure% coldstart

Step 8 Enter CWM to redisplay the main menu.

Step 9 Enter option 1 (Start Core) from the CWM main menu.

Launching CWM Server

Upon launching CWM, the main menu is displayed. The CWM main menu enables you to initiate and terminate the CWM core processes and to access the CWM desktop window. You can also use the main menu to get the name of the current database.

To launch the CWM server, complete the following steps:

Step 1 Open a terminal window.

Step 2 When the login prompt appears, you must

a. Enter the login name svplus.

b. Enter the password svplus.

The following example is shown:

login: svplus

Password:
Last login: Fri Oct 11 14:27:15 from 171.71.29.94

Sun Microsystems Inc. SunOS 5.8 Generic February 2000

azure%

Note•The default configured username is svplus and thepassword is svplus.

•If you want to change the default configured password, you must:

–Change the UNIX password by executing the passwd command.

–Change the svplus password in the database by executing the updateftpinfo command. The following example illustrates the usage of the updateftpinfo command:

tballraker18% updateftpinfo

Usage: updateftpinfo <ftp user> [<ftp password>]

tballraker18%

Step 3 At the prompt, enter CWM. See the following screen.

azure% CWM

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012

Cisco Wan Manager is being run from the workstation, "azure". by svplus

MAIN MENU

---------

1) Start Core

2) Stop Core

3) Start Desktop

X) Exit

Core is running

enter number or x to exit:

If the error message Environment Variable DISPLAY not set is displayed when you attempt to start the main menu and the display is not being xhosted to another workstation, enter the following syntax:

azure% setenv DISPLAY machine_name:0.0

To select any of the CWM main menu options listed in Table 2-1, specify the number and press Return.

You can verify the status of the CWM core.

Note The Dump db data option is no longer supported. For information on saving the data in the Informix database, refer to the Cisco WAN Manager Database Interface Guide.

.

Table 2-1 CWM Main Menu Options

Menu Option

Description

1) Start Core

Starts the CWM core and initiates CWM daemon processes.

2) Stop Core

Stops the CWM daemon processes.

3) Start Desktop

Displays the CWM desktop window.

X) Exit

Exits CWM without shutting down the CWM core processes.

Step 4 From the CWM main menu, enter option 1 (Start Core) to start the CWM Core process at the prompt.

Press Return.

Observe the messages that are displayed. Notice the gateway and standalone nodes socketed messages to the IP-LAN addresses.

Due to the nature of asynchronous behavior of ILOG client and server interaction, CWM client requests may be sent before the CWM server is ready. In this case, the following error messages are displayed on the workstation screen:

Note If the ILOG timeout situation persists for more than five minutes and the CWM workstation is not functioning normally, a service call is made.

A Link0 down message is displayed and followed by a Link0 up for each gateway node. If communication is established to the gateway node and everything is working correctly, a group of Link1 up messages for all nodes are displayed.

If displayed, you can disregard several ILOG RT-Broker messages, the EMSD dumping message, and any server EMDAEMON not registered messages. These messages are normal.

Note Additional messages are displayed for PNNI nodes.

After you see Link 0, Link 1, and gateway node messages indicating the connections are up, continue to the next step. If there is a problem with a Link connection, you will not see all connections come up.

Note Standalone Cisco MGX 8850 (PXM1E and PXM45) switches do not use Link protocol and will not show up in these messages. Feeder Cisco MGX 8850 switches act like Cisco MGX 8220 switches and do not display Link 1 messages.

Launching CWM Client

CWM Client is a software component that permits you to access and use the features of a CWM Server workstation from a network connected client system. It is designed to run on either Sun Solaris or a Windows 2000 based client machine under Sun Microsystem's WebStart utility. For more information on the requirements, refer to the instructions in the Cisco WAN Manager Installation Guide for Solaris 8, Release 12.

Note It is highly recommended that you use the WebStart Client to start additional CWM GUIs.

CWM supports multiple GUIs.

To install the CWM Client, refer to the instructions in the Cisco WAN Manager Installation Guide for Solaris 8, Release 12. After the installation and if you are launching the CWM Client for the first time, perform the following steps:

Step 1 Start the web browser.

Step 2 Connect to the CWM Server by using the applicable workstation name followed by :1551.

For example, http://cwmhost:1551 or http://cwmhost.company.com:1551.

Note 1551 is the port number for the CWM Client web page.

After launching the CWM Client the second time, WebStart prompts you to create a desktop shortcut.

Note If you did not create a CWM desktop icon, choose Start > Programs > CWM 12.0 Network Topology or you can also access the CWM Server. For more information on launching the CWM Server, see the "Launching CWM Server" section.

Step 2 Enter the applicable password.

The default username and password is svplus.

Exiting CWM

This section provides information about exiting CWM.

To exit the CWM application, complete the following steps:

Step 1 Choose File > Exit to close the CWM Desktop.

Step 2 If the Statistics Manager is running, choose File > Quit.

Click OK when prompted to confirm the operation.

Step 3 Close all CWM applications that are currently running.

Step 4 From the CWM main menu, enter option 2 (Stop Core).

Step 5 Enter y to confirm that you want to stop core.

Depending upon the number of nodes in the network, it might take several minutes for all the processes and messages to end.

Step 6 Press Return to redisplay the CWM main menu.

Step 7 From the main menu, enter x to exit the CWM application.

Navigating the Client Desktop

The client desktop provides a menu bar and a toolbar that correspond to the principal CWM applications. You click on a particular icon to launch the corresponding application you need for network management, monitoring, report generation, and administrative tasks. Figure 2-3 shows the Network Topology Main window.

Figure 2-3 Network Topology Main Window

1

Menu bar

2

Toolbar

3

Status bar

4

Topology view

5

View selection tabs

6

Browse window

7

Hierarchy view

8

Overview window

Menus and Toolbar

The configuration, managing, and monitoring options for configuring your switches are available from menus and a toolbar.

Menu Bar

The menu bar provides a complete list of options for managing your switches. The options and functions are listed in Table 2-2.

Note To access the Network Configurator application, you must use the switch CLI. You can use the network configurator to add new nodes, modify, or delete existing nodes on your network. For more information, see the "Configuring Nodes" section.

Table 2-2 Menu Bar

Menu-Bar Options

Keyboard Shortcut

Mnemonic Shortcut

Task

File

—

Alt-F

Save

Ctrl-S

Alt-S

Saves the current positions of the nodes, trunks, and group information in all of the views. Also, the current map, view size and view zoom level are all saved to the user.home directory. The files are parsed the next time CWM is launched.

Print

Ctrl-P

Alt-P

Prints the current view of the Network Topology window.

Exit

—

Alt-X

Exits the CWM application and closes the main window.

Edit

—

Alt-E

Group

—

—

Creates or deletes a node or group of nodes.

Search

—

—

Searches for a node by using the node name or the node IP address.

View

—

Alt-V

Layer

—

—

Turns on or turns off the display for the IP Address, Node Name, and Trunk Name.

Zoom

—

—

Provides different levels of zoom functions for resizing the view of the Network Topology window.

Background

—

—

Changes the color or map view of the Network Topology window.

Options

—

—

Displays the CWM Topology Option window.

PNNI Hierarchies

—

—

Displays the following levels of peer groups:

•Expand All Peer Groups

•Collapse All Peer Groups

Refresh

—

—

Refreshes the current Network Topology view.

Actions

—

Alt-A

Network

—

—

Displays the following network objects:

•Display Link Status

•VSI Consistency Check

•Expand Network in View

•Expand Network in Submap

•Collapse Network in View

•Collapse all Networks

•Display Nodes

•Display Trunks

PNNI Network

—

—

Displays the following PNNI network objects:

•Expand All Networks

•Collapse All Networks

Peer Groups

—

—

Displays the following peer groups:

•Peer Group Info

•Expand All Peer Groups

•Collapse All Peer Groups

PNNI Node

—

—

Brings up a PNNI Node Information window for operations specific to a selected node.

Trunk

—

—

Provides information about an individual trunk.

Note For PNNI View, the Trunk menu option is replaced with PNNI Link to provide PNNI node information for MPG1.

Toolbar

The toolbar buttons display the CWM applications, common usage tasks, and access to the layout of the network topology.

You can separate the toolbar from the network topology window or position it vertically instead of horizontally. To separate the toolbar, left-click in the toolbar position handler and drag the toolbar to the desired location. Move the pointer over an icon to display the feature.

Table 2-3 lists the toolbar functions, from left to right on the toolbar.

Note If you right-click away from the network to display different views of the network topology, the navigation popup menu options are different. You can also view the background popup menu (see Figure 2-7).

Table 2-4 Network Topology View Popup Menus

Popup Menu Option

Task

Navigation

New Submap

Displays a New Submap window that contains an expanded view of the selected network.

Lock

Locks the selected network in place.

Navigation (right-click away from network)

Show Parent Map

Returns to the parent overlay submap.

Show Root Map

Returns to the root overlay submap.

Node Zoomable

Displays the zooming capability of the node when the network topology view is zoomed.

Displays the selected network in place. A submap can have a different background image that simulates going down from a higher level geography to a lower level geography. For example, you can go down to a nation, down to a state, and down to a city.

New Submap

Displays a New Submap window.

Overlay Submap

Displays a routing node with all the child nodes. To exit this image configuration, click away from the configuration.

Group

Add Node

Adds a node to the group.

Delete Node

Deletes a node from the group.

Node

Display Shelf

Displays the shelves in a selected node.

Admin

Displays a telnet session to connect to the selected node in the current submap.

Node Resync

Displays the Node Resync Progress window for the selected node in the current submap. To begin the node resync process, click Start.

The following node resync types are:

•Level 1—Resolves inconsistencies between the switch and equipment manager as well as between equipment manager and segment tables.

•Level 2—Retrieves the full connection file from the switch and resolves inconsistencies between the equipment manager and equipment manager caches as well as between equipment caches and databroker caches. It also resolves inconsistencies between equipment manager and segment tables.

This option is used if the number of inconsistencies is large.

VSI Partition

Displays the VSI Partition dialog box for the selected node in the current submap.

CiscoView

Manages a device for a particular node.

XPVC Preferred Cnf

Adds, modifies, or deletes data to or from the xpvc_Pref table.

Multiple Peer Group Navigation

Network Topology displays a PNNI logical routing topology that consists of MPGs, which support multiple levels of peer groups.

MPG displays

•Entire hierarchy of peer groups.

•Logical nodes for each peer group.

•Information for the logical node, peer group leaders, and peer groups.

•Link information.

•Status for the logical nodes and logical links.

Lines represent links between peer groups and nodes. The links between peer group leader (PGL) and the parent logical group node (LGN) in the upper peer group are shown in two dotted lines beside the node and peer group.

To monitor the PNNI network, click the PNNI view tab from the Network Topology main window. Figure 2-12 displays the PNNI view. For information about view references, see Figure 2-3.

Figure 2-12 PNNI View Window

The following browse functions are for the PNNI view:

•Peer Groups—Displays an individual cloud icon for each peer group.

•Links—Specifies links nodes between nodes.

Understanding MPG LED Colors

Each icon is a different color according to the corresponding status of the logical node representation.

You can configure user access by using the security manager application, which provides controlled access to multiple users of CWM, based on the user's UNIX user ID and password. The security manager application is launched from the CWM Client desktop.

By using security manager, you can

•Provide user-access profiles that can be customized for each user. The user-access profile is a list of operations or actions a user can perform coupled with assigned access privileges for each action.

By default, only the svplus user can start and stop the CWM core processes. The svplus user has sufficient access privileges to launch all CWM applications and administer security manager.

Other users are assigned access privileges that enable them to perform operations within security-controlled applications. Depending on the setting of access privileges by those who administer security management, the operations are limited. Without the proper access privileges, users cannot launch security-controlled applications.

Understanding the Security Manager Requirements

Before you can use security manager, you must:

•Enter the addnewuser commandas root to add a new UNIX userID and password.

Note Each CWM user in Security Manager must have a unique UNIX userID that exists on the CWM host. The UNIX userID and password are used only for authentication purposes.

•Add the new user to the CWM Security system by svplus (or any other security administrator), and access privileges are assigned through the CWM Security Manager application.

To add a user, complete the following steps:

Step 1 From a console prompt, enter the su command to change to be the superuser at the command prompt.

Step 2 Enter the root password and the root prompt is displayed.

host% su

Password:

Step 3 At the root prompt, enter the cd command to change to the /usr/users/svplus/tools directory:

host% cd /usr/users/svplus/tools

Step 4 Enter ./addnewuserusername at the root prompt as shown in the following example:

host% # ./addnewuser <username>

For example, <username> is the name of the user to add. The username must be 1 to 8 alphanumeric characters.

Step 5 Enter the new user password.

Note If you want to change the password for the user created by the addnewuser command, enter the UNIX command passwd.

Step 6 Confirm the password, the user ID, and password are registered for UNIX.

Step 2 Choose the user that you want to view from the list of users in the left panel of the window.

The access privileges for the selected user are listed in the right panel of the window. All applications and access privileges are greyed out. Unchecked boxes indicate the absence of a particular privilege in a specific application.

Creating New Profiles

You can create profiles to allow users to perform specific tasks within CWM. Depending on their access privileges, users are granted access to controlled applications. You can create a security profile to give a user read, create, modify, or delete privileges to one or more of the controlled applications. For example, network browser is a read-only application; whereas, users can be given create and modify privileges for connection manager.

You can set up a profile to grant all privileges to one of the applications and some privileges to another application. A profile can be created for users who require only read access to observe an application but at the same time provide detailed security control.

Note If you choose Read-Audit or Write-Audit access privileges, an audit log is created the next time a user, assigned to that profile, logs in. See the Accessing the Audit Trail Log Files section for an example of an audit log.

Step 5 Click Create to create the new profile.

Viewing Profiles

To verify that the profile is created or modified, complete the following steps:

Step 1 From the Security Manager window, click the View Profile tab to view the profiles as shown in Figure 2-25.

Figure 2-25 View Profile Window

Step 2 Choose the profile from the list of profiles in the left pane of the window.

The access privileges are listed in the right pane of the window. All applications and access privileges are grayed out. Unchecked boxes indicate the absence of a particular privilege in a specific applications.

For a list of supported applications under the application name parameter, see Table 2-24.

Restricting User Access

CWM Administration manages user security. CWM Administration allows restricted access logins to enable users to perform tasks based on detailed access privileges. The user svplus still exists and should be used by experienced and trusted system administrators.

For each action, a user is given privileges to read, create, modify, or delete functions, or a user may have all privileges to manage all or some actions. For definitions of the access privileges, see Table 2-15.

Note As in previous releases, only user svplus can start and stop the CWM core processes.

Delete connections; also able to list connections and view multicast connections and templates (read access privileges)

The CWM Network Topology application is linked to Security Manager which checks a user's access privileges before providing access to the Topology application on the CWM desktop. A user without access privileges will find the Topology icon on the CWM desktop to be grey, inactive, and unable to launch the Topology application. Table 2-20 lists the access privileges.

The CWM Statistics Collection Manager is linked to Security Manager, which checks a user's access privileges before providing access to SCM. A user without access privileges can not launch the SCM application.

Table 2-22 lists the access privileges for all CWM applications. The "X" indicates that read, create, modify, or delete functions are available for the specified application; the All function is used for the purpose of including all access privileges that are available for the specified application.

Note Unless Network Topology has Read permissions, Config Save & Restore, Image Download, and Node Resync cannot be selected. Also, if any of these three applications are selected in a profile, Network Topology cannot be de-selected.

Accessing the Audit Trail Log Files

Audit trail allows CWM to record activities across different modules in a persistent file. Each audit trail record describes an event and are grouped by date. Only root and members of a specific user group have read permission to the audit trail log files through the UNIX shell on the CWM Server. The specific user group is a specific UNIX user group that is either an existing one or a new one. The audit trail log files are also shown through the CWM Administration GUI. If a CWM user has read access to the CWM Administration GUI, the user has read access to the audit trail log files. The name of the group is a configurable parameter. The user is allowed to retrieve the audit trail records.

Note Security and permission privileges are not enforced with the audit trail.

Displaying the Server and Log File Configuration

The audit trail server is a central CWM back-end server that is used to record audit trail records coming from CWM front-end applications to a central log file. The audit trail server also maintains the audit trail log files.

Audit trail log files have security restrictions for access and can be read only by users within a specified group, and can be modified or deleted only by root. Also, the audit trail is designed as a feature internally to CWM with no external dependencies or interdependencies with any ATM switch that is managed by CWM.

Before CWM is started, you can use the Network Configurator to configure nodes. For more information about using the Network Configurator, see the "Configuring Nodes" section. After CWM is started, you can use all CWM applications, for example, Connection Manager, Network Browser, and so forth. The audit service monitors all user activities.

After CWM is installed, the audit trail server is automatically started to provide audit service at all times.

Note If you do not need to run the audit service before CWM is started, you do not have to execute startorbix2000 and RunGuard.

After you reboot the CWM workstation, complete the following procedure if you want the audit service to run before CWM is started:

Step 1 Open a terminal window.

Step 2 When the login prompt appears, you must:

a. Enter the login name svplus.

b. Enter the password svplus.

Step 3 Enter the cd command to change to the /usr/users/svplus/scripts directory as shown in the following example:

tballraker18% cd /usr/users/svplus/scripts

tballraker18%

Step 4 Enter startorbix2000 to start Orbix at the prompt.

Step 5 Enter the cd command to change to the /usr/users/svplus/scripts/Install directory as shown in the following example:

tballraker18% cd /usr/users/svplus/scripts/Install

tballraker18%

Step 6 Enter RunGuard at the prompt.

Note You can choose an individual application along with the type of access such as add, modify, and delete. For a list of the applications, see Table 2-24.

Audit trail logging is done per CWM workstation and each CWM workstation performs an independent audit trail log. There is no communication or synchronization between CWM workstations regarding an audit trail.

All audit trail log files are in ASCII format and can be retrieved by any text editor. These files provide records that are logged to a central log file and separated by date, with one log file for each day. The following log file is configured:

•The location of the log file. The default is the standard CWM log file directory ($CWM_HOME/log/AL).

•The number of days. By defining the number of days for the audit trail log files to be kept, all other obsoleted audit trail logs will be deleted automatically.

•The name of the user group whose member can read the audit trail log files.

•The number of listener threads and processor threads. These parameters are used for compromising between scalability to serve more clients, and the efficiency to conserve less resources. A recommended set of numbers is obtained after performance benchmarking.

The configuration file follows the convention used by other CWM configuration files. The configuration file for the audit log is located in the $CWM_HOME/config/AuditLogger.conf directory. From the AuditLogger.conf file, you can set the directory to store the audit log file. The default setting is $CWM_HOME/log/AL.

Viewing the Audit Trail Log

By using the audit trail viewer, you can view audit log files for specified days either as a whole file or portions of the file. The audit trail viewer allows you to sort, filter, and search for specific log entries. All read, create, modify, and delete activities are monitored and logged to a file.

Specifies the days the audit trail log is viewed. If the Date field is not checked, all files in the directory are checked. The format is YYYYMMDD and multiple days can be specified. The following is an example

•20030310—Displays the audit trail log for March 10, 2003.

•20030310 to 20030312—Displays the audit trail log from March 10, 2003 to March 12, 2003.

•20030310 to 20030312,20030314—Displays the audit trail log from March 10, 2003 to March 12, 2003 and March 14, 2003.

Time

Specifies the start and end times. The format is HH:MM:SS. If the Time field is not checked, time is not set as a filter.

Host Name

Specifies the host workstation name that the audit trail log is generated.

Note If you run a CWM application by a remote login to a CWM server, the audit trail log displays the CWM server name instead of the remote terminal. If the Host Name field is not checked, all host names are used.

User Id

Specifies the user ID that is used to log into the CWM desktop. If the User Id field is not checked, all user IDs are used.

Application Name

Specifies the application name such as network topology or connection manager. If the Application Name field is not checked, all applications are used. The following are the application choices:

•All

•Network Topology

•Network Browser

•Configurator

•Connection Manager

•Service Class Template Manager

•Statistics Collection Manager

•CWM Administration

•Security Manager

•Node Resync

•Image Download

•Config/Save/Restore

•Config/Save/Restore CLI

•CiscoView

•BERT

•XPVC

•CUG

•Gateway Monitor

Event Type

Specifies the categories such as add or delete. If the Category field is not checked, all categories are used.

Max entries per page

Specifies the maximum entries that are displayed in the table each time.

Default: 50

Total

Displays the total entries found and the status of the current display.

<<

Displays the previous page entries.

Default: 50 entries per batch

>>

Displays the next page entries.

Step 3 To submit the specified criteria for the log file, click Submit. The result is returned.

Step 4 To reset all the fields to the default state, click Reset All.

Monitoring the CWM Health Status

You can monitor the current CWM status such as collecting health-related data, reporting significant events to network operators, and browsing through the historical status. For example, network management interface problems can also impact the functionality of CWM such as connection provisioning. The following types of network management health information are monitored:

•Switch network management interfaces

•CWM components

•UNIX, Informix, Orbix, and so forth

Events are grouped into the following categories:

•Network-related events—Specifies that CWM has no or little control, for example, IP unreachable, FTP timeouts, and so forth.

•CWM internal events—Specifies that CWM has the capability to resolve process crashes, IPC link failures, and so forth.

•System events—Causes problems in CWM and requires operator intervention, for example, disk full, low on swap space, and so forth.

Configuring the SNMP Community String

CWM configures the community strings for SNMP management and supports various multi-service-switching devices.

Caution The community strings on the devices and the community strings used by CWM do not sync up automatically (except at the initial stage when the community strings on the devices are at default). Users have to explicitly change them on both sides (using the Network Configurator
on CWM or the command line interface (CLI) on the switch). If this is not done, all SNMP requests (including Robust Trap Management or Node Sync-up) fails, and the CWM database is inconsistent with the network.

The Network Configurator does not require the CWM core to be running; therefore, it is used when the CWM core is up and running or when the CWM core is down.

To configure the SNMP community string, you must change the community strings on the devices through the CLI. Telnet to the switch to configure the community strings at the switches. The community string are configured for the following nodes:

Table 2-26 describes the various options involved in configuring the SNMP.

Table 2-26 SNMP Configuration Options

Option

Description

Network Configurator

After saving the community strings information, the CWM processes use the new community strings for SNMP accesses. The Primary CWM also sends the configured community strings to other Secondary CWMs through the CWM Gateways.

Prior to Release 12, CWM supported configurable community strings for Cisco BPX, Cisco IGX, Cisco MGX 8220, Cisco MGX 8850 (PXM1), and Cisco MGX 8850 (PXM45) nodes. The Network Configurator configures the SNMP community strings for all the nodes managed by CWM. If a node is not configured using the Network Configurator, the default SNMP community strings are used.

Note Adding, modifying, and deleting nodes in the Network Configurator can be done only from the primary CWM. You must enter community strings in the Network Configurator that pertains to the database of a primary CWM station.

Since users must configure the community strings on both the devices through CLI, and at the CWM stations through the Configurator, there is a possibility of typing in mismatched community strings. This results in the node with the mismatched community strings either not discovered or unreachable to CWM.

Note Configured community strings cannot contain underscore ( _ ) or at (@) signs. Also, spaces are not allowed in community strings and FTP passwords.

SNMP access security

Enter the nodeinfocfg command on CWM by using a secured shell to change the community strings and passwords.

Setting Up Nonstandard Community Strings

The standard community strings are defined as default community strings. If you configure the standard community strings to a different value, the standard community strings are defined as nonstandard community strings.

To set up nonstandard community strings or to change an FTP password, enter the runConfigurator command at the CLI prompt to use the Configurator GUI to change nonstandard community strings or FTP passwords, which are used by CWM applications.

The following community string defaults for CiscoView are displayed in asterisks (*) from the User Preferences window (see Figure 2-32):

DEFAULT_RO_STRING=public

DEFAULT_RW_STRING=private

These strings are used only when

1. The device is not in the user's CV cache already.

2. The device is not in the CWM database.

Note This method will affect only CWM. You must make sure that community strings and passwords within CWM are in agreement with those on the switches.

Accessing Community Strings and FTP Passwords

By using a secured shell (SSH), the nodeinfocfg command sets the SNMP community strings and FTP passwords in CWM. The nodeinfocfg command provides authentication and secure communication on who is entering the command.

Note When CWM is online, all changes are performed only from the primary CWM.

All configuration changes for SNMP and FTP are made to the node_info table when CWM is online or offline. If primary CWM is online, all applications interested in the node_info changes are notified and propagated to all secondary CWMs. If CWM is offline, all changes to the node_info table are assigned only to the local database.

Note Only users with modify permission for the Configurator can change the community strings and passwords.

Specifies the mode to change the applicable SNMP community strings. The following are the types of modes:

•go—Configures the getString only.

•so—Configures the setString only.

•gs—Configures both getString and setString.

-u user

Specifies the FTP username for the provided password.

The default is the current username.

-s node_ids

Specifies the node_ids, node_id ranges, or both separated by commas. For example, 1,3,5-12 with no spaces between the comma and number. A range of nodes in the form of n-m is equivalent to listing the nodes as n,n+1,...,m-1,m.

The default is all nodes currently in the node_info table.

-o order-by

Specifies the order-by column name that is used for sorting the result.

The default is id.

The nodeinfocfg command returns 0 for success. If the nodeinfocfg command is not successful, a nonzero value is returned. Table 2-29 lists the exit values and error messages.

Table 2-29 Exit Values and Error Messages for the nodeinfocfg Command

Exit Value

Description

Message

0

Specifies that the command executed successfully.

—

1

Specifies that this value is executed with the -s option. If the command was partially successful, some of the node_ids are invalid.

Display the invalid node_ids.

2

Specifies a syntax error.

Display the help page.

3

Specifies that the authentication failed.

Authentication failed.

4

Specifies that the authorization failed.

Permission denied.

5

Specifies that you attempted to run the command from a secondary CWM.

Please run this command from the Primary CWM.

6

Specifies all other errors.

—

Changing Community Strings

To change the SNMP get community strings for selected nodes, complete the following procedure:

Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the SNMP get community string for the selected nodes as follows:

azure% nodeinfocfg snmp -m go [-s <node_ids>]

To configure the SNMP get community string for the selected nodes, replace <node_ids> with your chosen node IDs. For parameter definitions, see Table 2-28.

The following example is shown:

tballraker18% nodeinfocfg snmp -m go -s 12-16

execute "snmp"

svplus@tballraker18's password:

Step 3 When you are prompted for a password, you must

a. Enter the applicable UNIX password for svplus.

b. Enter the new get community string.

c. Reenter the new get community string for confirmation.

The following example is shown:

svplus@tballraker18's password:

ILOG RT-Broker 2.300, licensed to "CISCO Systems"

NewGetString:

Re-enter NewGetString:

>>>update through topod<<<

tballraker18%

To change the SNMP set community strings for all nodes, complete the following procedure:

Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the SNMP set community string for all nodes as follows:

Step 2 Enter a value in the Chassis Polling Frequency (sec) field to change the polling frequency.

The default value varies by device.

A typical value is every 60 sec. To disable polling frequency, set the value to zero. If you set the polling frequency below 60 sec for a number of devices, it may slow down your network. It is advisable to use low polling frequencies in specific testing situations and increase them when you have finished testing. Do not poll faster than every 5 sec.

Step 3 Enter a new value in the SNMP Timeout (sec) field to change the timeout interval.

A timeout indicates the amount of time it takes to reach a device. If it takes longer than the time specified, the device is considered to be either unreachable or down. The interval value is specified in seconds. The default is 3 sec.

As a guideline, the timeout value should be set to twice the average end-to-end delay in your network. If you have a network with several slow links, you may need to set the timeout to a higher value. If you have only LAN links in your network, a value of 20 sec is reasonable to account for processing delays and timer accuracy. In high traffic situations, you may experience timeouts. You should not reduce the polling frequency because this may cause a general error. Increase the timeout interval if you consistently experience timeouts.

Step 4 Enter a new value in then SNMP Retry Count field to change the number of retries.

The retries value indicates how many times CiscoView retries an unresponsive device. In busy networks, SNMP datagrams can be discarded. The retries value allows the application to continue operation during network problems. A setting of 1 is considered a reasonable value.

Warning Do not increase the retries if the network is slow! The effect may halt the network.

Step 5 Enter the read or write community string in the appropriate field.

You can enter the write community string for a device after you display the device. For example, if you did not specify the write community string when you first opened the device display, you can make changes to a device or a port setting. You can enter the write community string in the Write Community field without exiting and reopening the window.

Step 6 Click the Show MIB Label as radio button to control how parameters appear in the dialogs or tables.

The Alias option displays text labels, which is the default. MIB textual labels are user-friendly aliases of the MIB descriptor. The Descriptor option displays actual variable names (MIB descriptors) used to manage devices, for example, locIfOutBitsSec, is output bits per second.

Step 7 Click OK to affect the changes you have made in the User Preferences window.

Configuring Nodes

To configure nodes, you must use the Network Configurator application. By using the Network Configurator, Java-based application of CWM, you can:

Step 2 Modify the fields for the SNMP community strings, FTP information, and Custom information.

Note You cannot modify the Mode and Model fields.

Click Ok.

Step 3 Choose File > Save to save the node information modifications.

Note•The new node information is updated on the expanded node tree of the Network Configurator window. Contents of the node_infotable can be displayed or edited only through the Network Configurator. Changes made using the Network Configurator are not saved in the node_infotable of the database until you click Save. If you click Exit, no changes are made to the node_infotable.

•Only one instance of the Network Configurator can be used at a time for performing an operation. CWM provides tools that generate a unique node ID, but if multiple sessions of the Configurator are used at the same time, problems can occur.

Starting HP OpenView

To start the HP OpenView application, complete the following steps:

Step 1 From a C-shell window, enter CWM at the prompt.

Step 2 Enter option 1 (Start Core) to start the core process.

Step 3 From another C-shell window, start the HP OpenView application as shown in the following example:

azure% # ovw &

Several windows are displayed including warnings, Event Categories, and status updates. Eventually the Root window is displayed.

Note The WAN network icon in the network node manager is no longer automatically created when running CWM. Use the Network Topology map instead.

From the pull-down menus, you can launch all of the CWM features. Many menu items are disabled until an appropriate element is selected, such as a node in the topology.

The IP map contains the HPOV view of the attached IP network. The CWM map contains the CWM nodes, which are displayed directly from CWM.

Use the buttons in the Event Manager window to view desired event categories.